win7/xp on same machine, want both joined to same domain

[merk]

Hi all,

Is there an issue with having an xp and win7 install on the same machine and trying to get both instances of windows joined to the same domain? I had xp joined, then installed win7, had it joined to the domain. When i tried to boot back into xp, my login didn't work since it wasn't part of the domain anymore. I dont think it matters but xp and win7 are on separate drives.

Had IT come over and change the name of the xp install (both win7 and xp had the same computer name) since i thought that might be the issue, re-joined the domain under xp. Now my Win7 login doesn't work.

Is there something special you have to do (or can it not be done?) to get two instances of windows on the same machine joined to the same domain?

 

[theevilsharpie]

When you join a computer to an Active Directory domain, it creates a computer account with your physical PC's GUID as part of the account information. You can't join the same computer to the domain twice and have it work properly.

If you want to run two different domain-joined OS's on the same computer, I suggest installing Windows 7 on the physical hardware, and then running XP in a virtual machine. The virtual machine will have its own GUID, and you won't have conflicting GUID's in Active Directory.

 

[imagoon]

Your same computer name was the main issue. However I would question why would would do all this work when you can just use XP mode in Win 7. My XP mode XP is joined to the domain just fine.

 

[merk]

theevilsharpie - i thought each OS would have it's own GUID? So the GUID shouldn't be an issue i thought.

Right now I'm thinking that maybe when he fixed the problem with XP, he intially joined it back to the domain with the same name it original had (that win7 now has) which now hosed the Win7 login. Hopefully he just has to re-join the win7 machine and i'll be good.

As for xp mode - two reasons:
1. My pc hardware doesn't support it
2. I already had XP installed and wanted to be able to boot back into it if needed. So even if my hardware supported virtualization, xp mode wouldn't have helped in this particular instance.

 

[theevilsharpie]

theevilsharpie - i thought each OS would have it's own GUID? So the GUID shouldn't be an issue i thought.

Your GUID is stored in your computer's BIOS, not the OS.

1. My pc hardware doesn't support it

If you don't have the hardware virtualization support that XP mode requires, you can use VMware Player instead.

2. I already had XP installed and wanted to be able to boot back into it if needed. So even if my hardware supported virtualization, xp mode wouldn't have helped in this particular instance.

You can (kind of) transfer your physical install to a virtual machine using a tool like VMware Converter, although I'm not sure if that will transfer the GUID as well. However, you may ultimately have to choose between the convenience of an existing install or the ability to have it connect to the domain.

 

[imagoon]

When you join a computer to an Active Directory domain, it creates a computer account with your physical PC's GUID as part of the account information. You can't join the same computer to the domain twice and have it work properly

Hmm. Maybe I should tell that to my dual boot boxen on the desk.

You must have a different machine name, the GUID is used but is not required to be different. MS even provides a way to disable machine auto password changes to make them share one computer account if you *really* want to. However this is not a good method.

 

[merk]

I thought the GUID (or is it SID?) is unique to each windows install. i.e. even if i did a fresh install of XP with the same computer name, it would be a different pc as far as the domain controller was concerned?

Its not worth taking the existing xp install and converting it to a virtual. Easier to just leave it where it is and boot into it the (hopefully) rare times I'll need it.

For now I'm using sun virtualbox, which seems to work well enough for my needs as far as virtual pc's go.

 

[theevilsharpie]

I thought the GUID (or is it SID?) is unique to each windows install. i.e. even if i did a fresh install of XP with the same computer name, it would be a different pc as far as the domain controller was concerned?

The SID is unique to the install. The GUID is defined in the hardware.

Think of this way: the SID is to an IP address as the GUID is to a MAC address.

Its not worth taking the existing xp install and converting it to a virtual. Easier to just leave it where it is and boot into it the (hopefully) rare times I'll need it.

You may just want to leave the XP install off of the domain if it's not something you'll be using often. Unless your IT dept. has the domain really locked down, you should still be able to authenticate and access domain resources.

 

[merk]

Ah ok - wasn't really clear on the difference between the SID and GUID. I had thought the domain controller uses the SID and not the GUID.

As for the xp install - it would be a pain if i had to leave it off the domain since all my stuff on that install is set up under the domain login. I could still use it under my local account. It would just a minor hassle to have to set up all the program shortcuts and whatnot that are associated with the domain login.

I'm hoping the issue is just that when he fixed the problem with the XP login he accidentally joined it back to the domain name with the original name, which the win7 install now has.

 

[imagoon]

Ah ok - wasn't really clear on the difference between the SID and GUID. I had thought the domain controller uses the SID and not the GUID.

As for the xp install - it would be a pain if i had to leave it off the domain since all my stuff on that install is set up under the domain login. I could still use it under my local account. It would just a minor hassle to have to set up all the program shortcuts and whatnot that are associated with the domain login.

I'm hoping the issue is just that when he fixed the problem with the XP login he accidentally joined it back to the domain name with the original name, which the win7 install now has.

Make sure the names are different and just join both to the domain. Make sure to remove the existing ones on the domain. It will work fine. It does on my various test boxen. There are 2 GUID's in a computer account, the hardware one that is provided by the PC is just data. Another is generated by AD for the actual entry.

PS the netbios names also need to be different.

During a rename the netbios name *may* not change.

 

[merk]

ok both installs have a different name so i think i am good. I'll have IT re-join the win7 install tomorrow and hopefully that'll resolve it.

 

[RebateMonger]

There's no problem joining two Windows OSes on the same hardware to the same Domain.

If you can't log into the Domain Controller, it's more likely a naming conflict or a DNS problem or both.

Here's a discussion about somebody having a similar problem on a dual-boot PC:
http://www.velocityreviews.com/forums/t489989-dual-boot-domain-login-fails.html

Did you, by any chance, use the same computer name for both boots? If so,
that's the problem. You need to go into whichever one is NOT working, change
the name, and rejoin the domain. Depending on how hosed it is, you may need
to remove both of them from the domain, change both names to something new
(and different from each other) and then rejoin them to the domain."

"The issue is that each computer needs to have a UNIQUE computer account in
the domain. So when machine #1 (name machine_a) gets joined, it is assigned
an SID, and that SID is linked to a DNS name and a NetBIOS name. Now, when
you try to log in with machine #2(name machine_a), and join it to the
domain, it has a different SID (security identifier, guaranteed to be
globally unique), and _that_ SID gets linked to the DNS and NetBIOS names.
Now, go back to the first one, and the domain controller says "you claim to
be machine_a, but your SID is wrong, so no way am I letting you in."

 

[deaner]

Your same computer name was the main issue. However I would question why would would do all this work when you can just use XP mode in Win 7. My XP mode XP is joined to the domain just fine.

Amen Brutha! Can confirm that one -

 

[rsolomon]

You must have a different machine name, the GUID is used but is not required to be different. MS even provides a way to disable machine auto password changes to make them share one computer account if you *really* want to. However this is not a good method.

Is there a good method to have two OS'es share one computer account? How would one bring over the computer account info from the XP install (using the OPs example) into the Win7 install?

TIA,
Richard

 

[Emulex]

make sure that if you have used the computer names before; that you delete those computer names from the AD server before rejoining. it will keep note last time i checked.

basically i never - ever - EVER re-use a computer name unless i'm restoring a full metal backup.

I never change sid's or do whacky stuff like that - likewise with dns on the AD server.

 

[deaner]

make sure that if you have used the computer names before; that you delete those computer names from the AD server before rejoining. it will keep note last time i checked.

Your right, you have to delete the Old PC from AD - if needed you can use the same name...but depending on how things are done where you are, this will ultimately dictate this action.

 

[VirtualLarry]

Your GUID is stored in your computer's BIOS, not the OS.

Windows doesn't use the filesystem's GUID? There's one in the BIOS? So much for the big to-do about the Pentium III PSN (processor serial number). Most BIOSes of that day allowed you to disable that, so as not to be uniquely identifiable to software. And now they put a GUID into the mobo BIOSes?

 

[imagoon]

Is there a good method to have two OS'es share one computer account? How would one bring over the computer account info from the XP install (using the OPs example) into the Win7 install?

TIA,
Richard

You can disable the computer account password changes via the domain controllers. You then join both with the same initial passwords. The passwords no longer change so both versions can log in using that one account.

Not the best idea over all however.